Survey of Security Issues in Cloud Computing

University of Florida | Journal of Undergraduate Research

Uttam Thakore

College of Engineering, University of Florida


Cloud computing has quickly become one of the most prominent buzzwords in the IT world due to its revolutionary model of computing as a utility. It promises increased flexibility, scalability, and reliability, while promising decreased operational and support costs. However, many potential cloud users are reluctant to move to cloud computing on a large scale due to the unaddressed security issues present in cloud computing. In this paper, I investigate the major security issues present in cloud computing today based on a framework for security subsystems adopted from IBM. I present the solutions proposed by other researchers, and address the strengths and weaknesses of the solutions. Although considerable progress has been made, more research needs to be done to address the multi-faceted security concerns that exist within cloud computing. Security issues relating to standardization, multi-tenancy, and federation must be addressed in more depth for cloud computing to overcome its security hurdles and progress towards widespread adoption.


INTRODUCTION

Cloud computing has become one of the hottest topics in the IT world today. Its model of computing as a resource has changed the landscape of computing as we know it, and its promises of increased flexibility, greater reliability, massive scalability, and decreased costs have enchanted businesses and individuals alike.

Cloud computing, as defined by NIST, is a model for enabling always-on, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., storage, applications, services, etc.) that can be rapidly provisioned and released with minimal management effort or service provider interaction [1]. It is a new model of providing computing resources that utilizes existing technologies. At the core of cloud computing is a datacenter that uses virtualization to isolate instances of applications or services being hosted on the “cloud”. The datacenter provides cloud users the ability to rent computing resources at a rate dependent on the datacenter services being requested by the cloud user. Refer to the NIST definition of cloud computing, [1], for the core tenets of cloud computing.

In this paper, I refer to the organization providing the datacenter and related management services as the cloud provider. I refer to the organization using the cloud to host applications as the cloud service provider (CSP). Lastly, I refer to the individuals and/or organizations using the cloud services as the cloud consumers or cloud users.

NIST defines three main service models for cloud computing:

• Software as a Service (SaaS): The cloud provider provides the cloud consumer with the capability to deploy an application on a cloud infrastructure [1].

• Platform as a Service (PaaS): The cloud provider provides the cloud consumer with the capability to develop and deploy applications on a cloud infrastructure using tools, runtimes, and services supported by the CSP [1].

• Infrastructure as a Service (IaaS): The cloud provider provides the cloud consumer with essentially a virtual machine. The cloud consumer has the ability to provision processing, storage, networks, etc., and to deploy and run arbitrary software supported by the operating system run by the virtual machine [1].

NIST also defines four deployment models for cloud computing: public, private, hybrid, and community clouds. Refer to the NIST definition of cloud computing for their descriptions [1].

One of the most appealing factors of cloud computing is its pay-as-you-go model of computing as a resource. This revolutionary model of computing has allowed businesses and organizations in need of computing power to purchase as many resources as they need without having to put forth a large capital investment in the IT infrastructure. Other advantages of cloud computing are massive scalability and increased flexibility for a relatively constant price. For example, a cloud user can provision 1000 hours of computational power on a single cloud instance for the same price as 1 hour of computational power on 1000 cloud instances [2].

Despite the many advantages of cloud computing, many large enterprises are hesitant to adopt cloud computing to replace their existing IT systems. In the Cloud Computing Services Survey done by IDC IT group in 2009, over 87% of those surveyed cited security as the number one issue preventing adoption of the cloud [3]. For adoption of cloud computing to become more widespread, it is important that the security issues with cloud computing be analyzed and addressed, and proposed solutions be implemented in existing cloud offerings.

The organization of the rest of this paper is as follows. The second section discusses the framework with which I will address the security issues in cloud computing, and the third section elaborates on each of the sections in my framework. Finally, the fourth section of this paper discusses my conclusions and future work to be done in the area of cloud computing security.

FRAMEWORK FOR ANALYZING SECURITY IN THE CLOUD

Beginning in the 1980s, governmental initiatives were established around the world to define requirements for evaluating the effectiveness of security functionality built into computer systems. In 1996, initiatives from the US, Europe, and Canada were combined into a document known as the Common Criteria. The Common Criteria document was approved as a standard by the International Organization for Standardization in 1999 and has opened the way for worldwide mutual recognition of product security solutions [4].

The Common Criteria, however, serve primarily as a benchmark for security functionality in products [4]. For this reason, IBM consolidated and reclassified the criteria into five functional security subsystems. I have used these subsystems as the framework within which I assess the security issues present in cloud computing and evaluate solutions proposed.

The five functional security subsystems defined by IBM are as follows:

a. Audit and Compliance: This subsystem addresses the data collection, analysis, and archival requirements in meeting standards of proof for an IT environment. It captures, analyzes, reports, archives, and retrieves records of events and conditions during the operation of the system [4].

b. Access Control: This subsystem enforces security policies by gating access to processes and services within a computing solution via identification, authentication, and authorization [4]. In the context of cloud computing, all of these mechanisms must also be considered from the view of a federated access control system.

c. Flow Control: This subsystem enforces security policies by gating information flow and visibility and ensuring information integrity within a computing solution [4].

d. Identity and Credential Management: This subsystem creates and manages identity and permission objects that describe access rights information across networks and among the subsystems, platforms, and processes, in a computing solution [4]. It may be required to adhere to legal criteria for creation and maintenance of credential objects.

e. Solution Integrity: This subsystem addresses the requirement for reliable and proper operation of a computing solution [4].

In the next section of this paper, I address the functional systems one by one, also addressing the interactions between different functional subsystems in the section to which they most closely relate.

ANALYSIS OF ISSUES AND POTENTIAL SOLUTIONS WITHIN CLOUD COMPUTING SECURITY

Audit and compliance

Cloud computing raises issues regarding compliance with existing IT laws and regulations and with the division of compliance responsibilities.

• Compliance with laws and regulations

Regulations written for IT security require that an organization using IT solutions provide certain audit functionality. However, with cloud computing, organizations use services provided by a third party. Existing regulations do not take into account the audit responsibility of a third-party service provider [5].

The division of audit responsibilities required for regulatory compliance must be clearly delineated in the contracts and service-level agreements (SLAs) between an organization and the cloud provider.

In order to comply with audit regulations, an organization defines security policies and implements them using an appropriate infrastructure. The policies defined by an organization may impose more stringent requirements than those imposed by regulations. It falls on the customer of the cloud services to bridge any gap between the audit functionality provided by the CSP and the audit mechanisms required for compliance [5].

The CSA states that the SLA between the cloud consumer and provider should include a Right to Audit clause, which addresses audit rights as required by the cloud consumer to ensure compliance with regulations and organization-specific security policies [5].

Even though a general approach to involve legal has been described by the CSA, no formal APIs or frameworks for integration of multiple audit systems have been defined. Additionally, there are no specific standards or models that define the separation of responsibilities between CSP and cloud service consumer.

Access control

Access management is one of the toughest issues facing cloud computing security [5]. One of the fundamental differences between traditional computing and cloud computing is the distributed nature of cloud computing. Within cloud computing, access management must therefore be considered from a federated sense, where an identity and access management solution is utilized across multiple cloud services and potentially multiple CSPs.

Access control can be separated into the following functions:

• Authentication

An organization can utilize cloud services across multiple CSPs, and can use these services as an extension of its internal, potentially non-cloud services. It is possible for different cloud services to use different identity and credential providers, which are likely different from the providers used by the organization for its internal applications. The credential management system used by the organization must be consolidated or integrated with those used by the cloud services [5].

The CSA suggests authenticating users via the consumer’s existing identity provider and using federation to establish trust with the CSP [5]. It also suggests using a user-centric authentication method, such as OpenID, to allow a single set of credentials to be used for multiple services [5].

Use of an existing identity provider or a user-centric authentication method reduces complexity and allows for reuse of existing systems. If done using a standardized federation service, it also increases the potential for seamless authentication with multiple different types of cloud services.

The CSA states that in general, CSPs and consumers should give preference to open standards, which provide greater transparency and hence the ability to more thoroughly evaluate the security of the approach taken.

• Authorization

Requirements for user profile and access control policy vary depending on whether the cloud user is a member of an organization, such as an enterprise, or an individual. Access control requirements include establishing trusted user profile and policy information, using it to control access within the cloud service, and doing this in an auditable way [5].

Once authentication is done, resources can be authorized locally within the CSP. Many of the authorization mechanisms that are used in traditional computing environments can be utilized in a cloud setting.

• Federated sign-on

A federation is a group of two or more organizations that have agreed upon standards for operation [6]. Federations allow multiple, disparate entities to be treated in the same way. In cloud computing, federated sign-on plays a vital role in enabling organizations to authenticate their users of cloud services using their chosen identity provider.

If an organization uses multiple cloud services, it could suffer from the difficulty of having to authenticate multiple times during a single session for different cloud services. The Cloud Computing Use Cases Discussion Group suggests that the multiple sign-on problem can be solved by using a federated identity system. The federated identity system would have a trusted authority common to multiple CSPs, and provide single or reduced sign-on through the common authority [7].

Flow control

Information flow control is central to interactions between the CSP and cloud consumer, since in most cases, information is exchanged over the Internet, an unsecured and uncontrollable medium. Flow control also deals with the security of data as it travels through the data lifecycle within the CSP: creation, storage, use, sharing, archiving, and destruction.

A cloud is shared by multiple service consumers, and by their very nature, cloud architectures are not static and must allow flexibility and change. Securing the flow of data across the cloud service consumer and providers and across the various components within a CSP becomes challenging and requires extensions of mechanisms used in more static environments of today.

Flow control can be separated into the following functions:

• Secure exchange of data

Since most cloud services are accessed over the Internet, an unsecured domain, there is the utmost need to encrypt credentials while they are in transit [5]. Even within the cloud provider’s internal network, encryption and secure communication are essential, as the information passes between countless, disparate components through network domains with unknown security, and these network domains are shared with other organizations of unknown reputability.

Controls should be put in place at multiple levels of the network stack. At the application layer, Shiping Chen et al. [8] suggest using application-specific encryption techniques to ensure adequate security of the data for the particular application. At the transport layer, Xiao Zhang et al. [9] suggest using standard cryptographic protocols, such as SSL and TLS. At the network layer, Chen et al. [8] suggest using network-layer controls, such as VPN tunneling, to provide an easy-to-implement, secure connection with a CSP.




• Data security lifecycle

The data security lifecycle tracks the phases through which data goes from creation to destruction. It is composed of the six phases given below. Refer to [5] and [10] for descriptions of these phases.

Create phase: As soon as data is created, it can be tampered with. It could be improperly classified or have access rights changed by intruders, resulting in loss of control over the data [10]. The CSA suggests that organizations use data labeling and classification techniques, such as user tagging of data, to mitigate the improper classification of data [5].

Store phase: Because CSPs are third parties, the complete security of CSP systems is unknown, so data must be protected from unauthorized access, tampering by network intruders, and leakage [10]. Due to the multi-tenant nature of cloud computing, controls must be put in place to compensate for the additional security risks inherent to the commingling of data.

In order to prevent legal issues based on the physical location of data, the CSA suggests that the cloud consumer stipulate its ability to know the geographical location of its data in the SLA and ensure that the SLA include a clause requiring advance notification of situations in which storage may be seized or data may be subpoenaed [5].

Use and Share phase: During the use phase, which includes transmission between CSP and consumer and data processing, the confidentiality of sensitive data must be protected from mixing with network traffic with other cloud consumers. If the data is shared between multiple users or organizations, the CSP must ensure data integrity and consistency. The CSP must also protect all of its cloud service consumers from malicious activities from its other consumers [10].

Archive phase: As with the storage phase, data must be protected against unauthorized access by intruders, and from malicious co-tenants of the cloud infrastructure. In addition, data backup and recovery schemes must be in place to prevent data loss or premature destruction [5].

For data in a live production database, the CSA suggests using at-rest encryption, having the CSP encrypt the data before storage [5]. For data that will be archived, it recommends that the cloud consumer perform the encryption locally before sending the data to the CSP to decrease the ability of a malicious CSP or co-tenant to access archived data [5].

Destroy phase: Data persistence is the biggest challenge present in the destroy phase. For data to be completely destroyed, it must be erased, rendered unrecoverable, and as appropriate, physically discarded [5].

The CSA suggests a plethora of techniques to be used by CSPs to ensure that data is completely destroyed, including disk wiping, physical data destruction techniques, such as degaussing, and crypto-shredding [5].

Identity/credentials (management)

Within cloud computing, identity and credential management entails provisioning, deprovisioning, and management of identity objects and the ability to define an identity provider that accepts a user’s credentials (a user ID and password, a certificate, etc.) and returns a signed security token that identifies that user. Service providers that trust the identity provider can use that token to grant appropriate access to the user, even though the service provider has no knowledge of the user [7].

An organization may use multiple cloud services from multiple cloud providers. Identity must be managed at all of these services, which may use different identity objects and identity management systems. In addition, provisioning and deprovisioning of identities for an organization’s IT system is traditionally done manually and infrequently. With cloud computing, access to services changes more rapidly than it would in a traditional IT application, so provisioning and deprovisioning of identities must be dynamic.

Federated identity management allows an organization to rapidly manage access to multiple cloud services from a single repository. An organization can maintain a mapping of master identity objects to identities used by multiple applications within the organization’s IT system. Cloud customers should modify or extend these repositories of identity data so that they encompass applications and processes in the cloud [5].

Currently, CSPs provide custom connectors for communication of identity and access control objects. The capabilities currently provided by CSPs are inadequate for enterprise consumers. Custom connectors unique to cloud providers increase management complexity, and are not flexible, dynamic, scalable, or extensible [5].

Researchers at IBM Research - China [11] suggest using a brokered trust model, where a third-party broker server is used to establish the trust with a cloud service user. The business agreement between the CSP and the identity broker allows the CSP to place trust in the broker, allowing it to act as an agent for the CSP to establish trust with other parties, such as organizations using cloud services [11]. The organizations can then take advantage of their own identity federation services to relay credential information for authentication with the cloud service.

Such an approach reduces the CSP’s cost of establishing multiple trust relationships with multiple service users. It also pushes complexity to the trust broker, which can support more forms of federated identities. From the consumer’s perspective, if multiple CSPs utilize the same trust broker, establishing trust with multiple different types of services can be done by establishing trust with a single trust broker.
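
The token flow described in this section (an identity provider returns a signed token, and a broker trusted by the CSP vouches for the organization's identity provider) is sketched below as an added example; it is not code from the paper or from any of the cited systems. All names and keys are hypothetical, and HMAC over pairwise shared keys is an assumption standing in for the public-key signatures that real federation protocols use.

```python
import base64
import hashlib
import hmac
import json

class TokenError(Exception):
    """Raised when a token fails any verification step."""

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, body):
    # Assumption: HMAC over a pairwise shared key stands in for the public-key
    # signatures that real federation protocols (SAML, OpenID Connect) use.
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def issue_token(key, issuer, subject, audience, now, ttl=300):
    """Issuer side: return '<base64 claims>.<base64 signature>'."""
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_sign(key, body))

def verify_token(token, trusted_issuers, audience, now):
    """Relying-party side. trusted_issuers maps issuer name -> key."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        provided = _unb64(sig)
    except ValueError:
        raise TokenError("malformed token") from None
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = trusted_issuers.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise TokenError("untrusted issuer")
    if not hmac.compare_digest(_sign(key, body), provided):
        raise TokenError("bad signature")
    if claims.get("aud") != audience:
        raise TokenError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("expired")
    return claims

class TrustBroker:
    """Third-party broker: trusts organizations' IdPs and is trusted by CSPs."""

    def __init__(self, name, org_idp_keys, csp_keys):
        self.name = name
        self.org_idp_keys = org_idp_keys  # IdP name -> key shared with the broker
        self.csp_keys = csp_keys          # CSP name -> key shared with the broker

    def exchange(self, org_token, target_csp, now):
        """Verify an organization's token and re-issue it for one CSP only."""
        claims = verify_token(org_token, self.org_idp_keys, self.name, now)
        if target_csp not in self.csp_keys:
            raise TokenError("unknown CSP")
        # Namespace the subject by its home IdP so that two organizations'
        # "alice" accounts never collide at the CSP.
        subject = "%s:%s" % (claims["iss"], claims.get("sub"))
        return issue_token(self.csp_keys[target_csp], self.name, subject,
                           target_csp, now, ttl=60)

# Constructed sample deployment: every name and key below is hypothetical.
NOW = 1_700_000_000
ACME_KEY, STORAGE_KEY, CRM_KEY = b"acme-demo-key", b"storage-demo-key", b"crm-demo-key"
BROKER = TrustBroker("broker.example",
                     org_idp_keys={"idp.acme.example": ACME_KEY},
                     csp_keys={"storage.csp.example": STORAGE_KEY,
                               "crm.csp.example": CRM_KEY})

def csp_accepts(csp_name, csp_key, token, now=NOW):
    """CSP side: trusts only the broker; returns the subject or the reason."""
    try:
        return verify_token(token, {BROKER.name: csp_key}, csp_name, now)["sub"]
    except TokenError as err:
        return "rejected: " + str(err)

if __name__ == "__main__":
    org_token = issue_token(ACME_KEY, "idp.acme.example", "alice", BROKER.name, NOW)
    csp_token = BROKER.exchange(org_token, "storage.csp.example", NOW)
    print(csp_accepts("storage.csp.example", STORAGE_KEY, csp_token))
    print(csp_accepts("crm.csp.example", CRM_KEY, csp_token))
```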

Solution integrity

Within the realm of cloud computing, solution integrity refers to the ability of the cloud provider to ensure the reliable and correct operation of the cloud system in support of meeting its legal obligations, e.g., SLAs, and any technical standards to which it conforms. This encompasses protecting data while it is on the cloud premises, both cryptographically and physically; preventing intrusion and attack and responding swiftly to attacks such that damage is limited; preventing faults and failures of the system and recovering from them quickly to prevent extended periods of service outage; and protecting cloud tenants from the activities of other cloud tenants, both direct and indirect.

• Incident response and remediation

Even though solutions are run by the cloud provider, cloud providers have an obligation to both their customers and to regulators in the event of a breach or other incident. In the cloud environment, the cloud consumer must have enough information and visibility into the cloud provider’s system to be able to provide reports to regulators and to their own customers.

The CSA suggests that cloud customers clearly define and indicate to cloud providers what they consider serious events, and what they simply consider incidents [5]. For example, a cloud consumer may consider a data breach to be a serious incident, whereas an intrusion detection alert may just be an event that should be investigated.

• Fault tolerance and failure recovery

For a CSP, one of the most devastating occurrences can be an outage of service due to a failure of the cloud system. For example, Amazon’s EC2 service went down in April 2011, taking with it a multitude of other popular websites that use EC2 to host their services. Amazon Web Services suffered a huge blow from this outage. CSPs must ensure that zones of service are isolated to prevent mass outages, and have rapid failure recovery mechanisms in place to counteract outages.

The CSA recommends that cloud customers inspect cloud provider disaster recovery and business continuity plans to ensure that they are sufficient for the cloud customer’s fault tolerance level [5].

CONCLUSIONS AND FUTURE WORK

Cloud computing is an extension of existing techniques for computing systems. As such, existing security techniques can be applied within individual components of cloud computing. For example, VPN tunneling can be used for secure communication; existing encryption methods can be used to ensure protection of data on the cloud; and existing user-centric authentication methods, such as OpenID, can be used to authenticate with cloud services. However, because of the inherent features of cloud computing, such as resource pooling and multitenancy, rapid elasticity, broad network access, and on-demand self-service, existing security techniques are not in themselves adequate to deal with cloud security risks.

Cloud providers exist in the market today, so the cloud paradigm has already overcome its initial security hurdles and moved from theory into reality. However, current cloud providers have provided extremely proprietary solutions for dealing with security issues. Execution of a single business process requires the participation of multiple, interoperating providers and consumers. Hence, the next step of evolution of cloud computing to bring more players into the conglomerate will be standardization of security features, techniques, and exchange formats. Some standards already exist and are being revised, but more work needs to be done on this front.

In addition, for cloud computing to be used in a wide scale and really deliver on its promised benefits of elasticity, scalability, flexibility, and economies of scale, the focus of security needs to shift towards devising techniques to enable federation of security functions that are used today. For example, federation of audit, identity management, authentication, authorization, and incident response must all be explored in greater detail. The focus of federation should be to enable a breadth of computing capabilities provided by multiple providers with different qualities of service to be consumed by customers with varying computing needs in a cohesive and secure fashion. Further, the federation should allow the cloud consumers to commission and decommission services from various CSPs with flexibility and agility. Finally, interesting research problems will arise when we consider cloud computing security together with classical quality-of-service issues [12,13] and distributed computing issues [14] in a network-wide scope where cloud (storage) systems are implemented in a distributed manner.

Another core element of cloud computing is multitenancy. Due to multitenancy, there is a need to logically isolate the data, computing, manageability, and auditability of users co-tenant on the same physical infrastructure at an individual component level, across architectural layers, and across multiple providers. Hence, security mechanisms and approaches that enable the abovementioned isolation in a standardized way need more scrutiny in the future.




REFERENCES

[1] National Institute of Standards and Technology, NIST Definition of Cloud Computing, Sept 2011.

[2] Armbrust, M. et al., (2009), “Above the clouds: A Berkeley view of Cloud Computing”, UC Berkeley EECS, Feb 2010.

[3] Ramgovind, S.; Eloff, M.M.; Smith, E., "The management of security in Cloud computing," Information Security for South Africa, 2010, pp. 1-7, 2-4 Aug. 2010.

[4] IBM Corporation, Enterprise Security Architecture Using IBM Tivoli Security Solutions, Aug 2007.

[5] Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, 2009.

[6] “Federated identity management.” Internet: http://en.wikipedia.org/wiki/Federated_identity_management, [Dec. 16, 2011].

[7] Cloud Computing Use Case Discussion Group, Cloud Computing Use Cases Whitepaper v4.0, July 2010.

[8] Shiping Chen; Nepal, S.; Ren Liu, "Secure Connectivity for Intra-cloud and Inter-cloud Communication," Parallel Processing Workshops (ICPPW), 2011 40th International Conference on, pp. 154-159, 13-16 Sept. 2011.

[9] Xiao Zhang; Hong-tao Du; Jian-quan Chen; Yi Lin; Lei-jie Zeng, "Ensure Data Security in Cloud Storage," Network Computing and Information Security (NCIS), 2011 International Conference on, vol. 1, pp. 284-287, 14-15 May 2011.

[10] Xiaojun Yu; Qiaoyan Wen, "A View about Cloud Data Security from Data Life Cycle," Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pp. 1-4, 10-12 Dec. 2010.

[11] He Yuan Huang; Bin Wang; Xiao Xi Liu; Jing Min Xu, "Identity Federation Broker for Service Cloud," Service Sciences (ICSS), 2010 International Conference on, pp. 115-120, 13-14 May 2010.

[12] Shigang Chen, Meongchul Song, Sartaj Sahni, Two Techniques for Fast Computation of Constrained Shortest Paths, IEEE/ACM Transactions on Networking, vol. 16, no. 1, pp. 105-115, February 2008.

[13] King-Shan Lui, Klara Nahrstedt, Shigang Chen, Hierarchical QoS Routing in Delay-Bandwidth Sensitive Networks, in Proc. of IEEE Conference on Local Area Networks (LCN’2000), pp. 579-588, Tampa, FL, November 2000.

[14] Shigang Chen, Yi Deng, Attie Paul, Wei Sun, Optimal Deadlock Detection in Distributed Systems Based on Locally Constructed Wait-for Graphs, in Proc. of 16th IEEE International Conference on Distributed Computing Systems (ICDCS’96), Hong Kong, May 1996.